[ale] DNAT magic
JK
jknapka at kneuro.net
Fri Oct 24 14:10:40 EDT 2008
Chris Fowler wrote:
> I'm trying to route packets to many different addresses via DNAT. The
> target addresses could have any address and are behind a device we
> install at the remote.
>
> Here is an example setup:
>
> +--------------+    +--------------+
> |    Server    |----|      PC      |
> |   10.0.5.1   |eth0|  10.0.5.50   |
> +--------------+    +--------------+
>        | Tunnel (ppp)
> +--------------+
> |    Device    |
> |   10.0.5.2   |
> +--------------+
>        | eth0 172.30.100.0/24
> +--------------+
> |     PBX      |
> | 172.30.100.10|
> +--------------+
>
>
> On the server, I have this route 172.30.100.10/32 -> 10.0.5.2
>
> On the device, I'm using MASQ on eth0.
> The device does not see me at 10.0.5.1. It will see me as the device.
>
> The way I understand DNAT is that if I want to "assign"
> 10.0.5.3 to the PBX then I need to do this on the server
>
> ifconfig eth0:1 10.0.5.3
> iptables -t nat -A PREROUTING -i eth0 -d 10.0.5.3 -j DNAT --to-destination 172.30.100.10
You shouldn't need an alias. Just having the PREROUTING rule,
along with a rule in the FORWARD chain that allows traffic
through to 172.30.100.10, should do the trick. (In fact,
I recently found a situation where NAT silently fails on
an interface with an alias, but unfortunately I didn't
bother to document the details :-( I think it was SNAT,
though. )
-- JK
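
The PREROUTING-plus-FORWARD pairing described in the reply above, extended to a table of mappings, as an added example that is not part of the original post. The function names, the second mapping line and the use of the conntrack match are assumptions made here; it also assumes packets for each assigned address already arrive on the server's eth0.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules, so it needs no root.
# Assumes forwarding is on (net.ipv4.ip_forward=1) and each target is routed.
IN_IF=eth0   # client-facing interface on the server, as in the thread

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads "assigned_ip target_ip" lines on stdin and prints one DNAT rule
# and one narrowly scoped FORWARD rule per mapping.
gen_rules() {
    # Return traffic for forwarded connections; needed once, not per mapping.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r assigned target; do
        case "$assigned" in ''|'#'*) continue ;; esac   # skip blanks, comments
        if ! valid_ip "$assigned" || ! valid_ip "$target"; then
            echo "bad mapping: $assigned $target" >&2
            return 1
        fi
        # Rewrite the destination before the routing decision is made.
        echo "iptables -t nat -A PREROUTING -i $IN_IF -d $assigned -j DNAT --to-destination $target"
        # FORWARD sees the packet after DNAT, so match the real target address.
        echo "iptables -A FORWARD -i $IN_IF -d $target -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed input: the first pair is from the thread, the second is
# hypothetical and would need its own route via 10.0.5.2.
gen_rules <<'EOF'
10.0.5.3 172.30.100.10
10.0.5.4 172.30.100.11
EOF
```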